﻿using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using Newtonsoft.Json;
using Newtonsoft.Json.Serialization;

public partial class ajax_getuser : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["id_user"] != null && Session["permission"] != null
            && (((int)Session["permission"]) >= 2 && ((int)Session["permission"]) <= 3))
        {
            #region  get userId and check current user and user with userId have both register
            int userId = 0;
            try
            {
                userId = Int32.Parse(Request.QueryString["id"]);
                if (userId <= 0)
                    throw new Exception();
            }
            catch
            {
                userId = 0;
            }

            if (userId == 0)
            {
                Response.Write("FAIL");
                return;
            }

            // get parentId of userId
            int parentId = -1;
            string sql = "SELECT parentId FROM [user] WHERE id=" + comm.to_sql(userId.ToString(), "number");
            DataTable dtTable = dal.SelectTable(sql);
            if (dtTable.Rows.Count != 1)
            {
                Response.Write("FAIL");
                return;
            }
            parentId = Int32.Parse(dtTable.Rows[0]["parentId"].ToString());
            if (parentId == -1)  
            {
                Response.Write("FAIL");
                return;
            }
            // check parentId of userId and current user
            if ( parentId!=0  && ((int)Session["permission"]) == 2) // userId is not userId of register and current user is register
            {
                if (parentId != Int32.Parse(Session["id_user"].ToString()))
                {
                    Response.Write("FAIL");
                    return;
                }
            }
            if (parentId != 0 && ((int)Session["permission"]) == 3) //  userId is not userId of register and current user is manager
            {
                int managerId = Int32.Parse(Session["id_user"].ToString());
                sql = "SELECT parentId FROM [user] WHERE id=" + comm.to_sql(managerId.ToString(), "number");
                dtTable = dal.SelectTable(sql);
                if (dtTable.Rows.Count != 1)
                {
                    Response.Write("FAIL");
                    return;
                }
                if (parentId != Int32.Parse(dtTable.Rows[0]["parentId"].ToString()))
                {
                    Response.Write("FAIL");
                    return;
                }
            }

            if (parentId == 0 && ((int)Session["permission"]) == 2) // userId is userId of register and current user is register
            {
                if (userId != Int32.Parse(Session["id_user"].ToString()))
                {
                    Response.Write("FAIL");
                    return;
                }
            }

            if (parentId == 0 && ((int)Session["permission"]) == 3) //  userId is userId of register and current user is manager
            {
                int managerId = Int32.Parse(Session["id_user"].ToString());
                sql = "SELECT parentId FROM [user] WHERE id=" + comm.to_sql(managerId.ToString(), "number");
                dtTable = dal.SelectTable(sql);
                if (dtTable.Rows.Count != 1)
                {
                    Response.Write("FAIL");
                    return;
                }
                if (userId != Int32.Parse(dtTable.Rows[0]["parentId"].ToString()))
                {
                    Response.Write("FAIL");
                    return;
                }
            }
            #endregion

            sql = "SELECT * FROM [user] WHERE id=" + comm.to_sql(userId.ToString(), "number");
            dtTable = dal.SelectTable(sql);
            if (dtTable.Rows.Count != 1)
            {
                Response.Write("FAIL");
                return;
            }

            string json = "";// "{";
            //json += "'fullname':'" + dtTable.Rows[0]["fullname"].ToString() + "',";
            //json += "'username':'" + dtTable.Rows[0]["userName"].ToString() + "',";
            //json += "'email':'" + dtTable.Rows[0]["email"].ToString() + "',";
            //json += "'phone':'" + dtTable.Rows[0]["phone"].ToString() + "',";
            //json += "'permission':'" + dtTable.Rows[0]["permission"].ToString() + "',";
            //json += "'mailwhenwork':'" + dtTable.Rows[0]["mailwhenwork"].ToString() + "',";
            //json += "'mailwhencomment':'" + dtTable.Rows[0]["mailwhencomment"].ToString() + "'";
            //json += "}";
            json = JsonConvert.SerializeObject(dtTable.Rows[0].Table);

            Response.Write(json);

        }
    }
}
